Script to backup event logs using a server list
Summary
Have you ever needed to back up event logs for root cause analysis or auditing? Did you access each server and manually export the requested log file?
If yes, I hope you find this script handy.
The script
# Specify which Log File
$EventLogName = “Application”
# Specify drive to store event logs
$drive= “c$”
# Specify server to store event logs
$dest = "SERVERNAME"
#Simple Server list
$servers = Get-Content C:\servers.txt
# For loop to do the work
foreach ($server in $servers)
{
# Create a target folder on host if does not exist
$TARGETROOT = "\\$server\$drive\logs"
if(!(Test-Path -Path $TARGETROOT)){
New-Item -ItemType directory -Path $TARGETROOT
}
# This is the WMI call to select the application log from each server
$logFile = Get-WmiObject -EnableAllPrivileges -ComputerName $server Win32_NTEventlogFile | Where-Object {$_.logfilename -eq $EventLogName}
# Creating a file name based on server, log and time
$exportFileName = $server + “_” + $EventLogName + “_” +(get-date -f yyyyMMdd) + “.evt”
# Perform the backup
$logFile.backupeventlog($TARGETROOT + “\” + $exportFileName)
# Create an export folder if it does not exist
$target = "\\$dest\$drive\logs\export"
if(!(Test-Path -Path $target)){
New-Item -ItemType directory -Path $target
}
# Since WMI does the work on the remote machine you can’t copy to file share.
# This is a workaround to move to files to a single location after the backup
Move-Item $TARGETROOT\$exportFileName $target
}
# Since WMI does the work on the remote machine you can’t copy to file share.
# This is a workaround to move to files to a single location after the backup
Move-Item $TARGETROOT\$exportFileName $target
}
What does it the script do?
- This script will read a list of servers and backup the specified event logs to a local folder on the source servers.
- After the backup is complete it will move the event logs files to network share specified by the destination, so all backed up files are stored in a single location.
Server List and Script completion example:
I hope you find this useful the next time you need to backup event logs from multiple servers.